Setup keystore for remote clients

Setup keystore for remote clients

You need a safe keystore in order to be able to communicate between the InterFormNG2 host, and the remote clients in a safe manner.


This is done by the use of a keystore. The same keystore file must be shared between the InterFormNG2 host and the remote clients, so you need to copy and share it onto all the servers involved.


InterFormNG2 is shipped with a keystore, that you can reference as:

internal:remoteoutput.jks
This can be replaced with the file system path of another keystore. (Note that no customer data is sent in the notifications, so it is not strictly necessary to replace the keystore).

A new certificate and key store can be generated using the standard Java Keytool that is included with the Java installation:
keytool -genkeypair \
  -alias remoteprint \
  -keyalg RSA \
  -keysize 2048 \
  -storetype PKCS12 \
  -keystore remoteprint.jks \
  -validity 3650

For IBM i platform

If you want to generate a keystore on the IBM i platform, then you can create it via Qshell by first running this command to start QShell:

STRQSH

And then run the command above.


We have found, that a PKCS12 keystore was not supported on an IBM i, so here you may create it with this command instead:

keytool -genkeypair \
  -alias remoteprint \
  -keyalg RSA \
  -keysize 2048 \
  -storetype JKS \
  -keystore /iformng2/remoteprint.jks \
  -validity 3650

After this you have a new keystore file called remoteprint.jks in the IFORMNG2 directory in the IFS.

 

Remember to copy the keystore file from the host to the remote client and make a note of the keystore password as you will need it, when you configure both the InterFormNG2 host, and the remote clients.

 

Now you can continue with the setup of your remote clients as covered here.
How to test the password of a keystore

You can use this command to test the password of a keystore:

keytool -list \
  -keystore <keystorefile> \
  -storepass <passwordtocheck>

 

The parameters are:

  • -list → Lists all entries (aliases) stored in the keystore.
  • -keystore <keystorefile> → Specifies the path to the keystore file.
  • -storepass <passwordtocheck> → Provides the password to access the keystore.
    •
     

     



      • Related Articles

      • Remote clients

        If you wish to store output files generated by InterFormNG2 on external servers, there are several options available, as outlined here. One option is to gain access via a remote client, which requires purchasing a specialized Remote client module. ...

      • Install remote clients

        The complete setup and configuration of remote clients in InterFormNG2 is covered here. A part of this is the installation and configuration of the remote clients. First you need to download the installation file for the remote client. You can ...

      • Output via remote clients

        This section describes how to use remote clients in the InterFormNG2 workflow. The remote client can be used for these kinds of output in the workflow: Print on remote printers, that are only reachable via the remote client(s) Email via email ...

      • Global remote output setup

        It is possible to print on other networks, that are protected by a firewall. For that you need a remote client in the remote network, that is able to access the InterFormNG server. To do that you first need to enable this feature globally in ...

      • Start and stop remote clients

        Refer to this for the complete setup of remote clients. This section contains information of how to start and stop the service, that runs the remote client. Starting a remote client service You can start a remote client in two ways: Via a Windows ...